Artificial intelligence assisted evaluations and user interface for same

ABSTRACT

Systems and methods are disclosed herein for reducing a risk of associating with a client that may engage in illegal activity. A system accesses data associated with an entity for a given context, applies a plurality of AI models to the data based on the context to generate a plurality of AI assessments. Data for showing risk factors, assessments of the risk factors, and data for evaluating risk factors can be transmitted for rendering in a user interface in a display device. Analyst feedback can be received and used to update the AI models.

RELATED APPLICATIONS

The present disclosure references various features of and claims thebenefit of priority to U.S. Provisional Pat. App. No. 62/686,994, filedJun. 19, 2018, the entire disclosure of which is hereby made part ofthis specification as if set forth fully herein and incorporated byreference for all purposes, for all that it contains.

TECHNICAL FIELD

The present disclosure relates to artificial intelligence (AI) systems,techniques, and interfaces for investigations and improved backgroundchecking.

BACKGROUND

In the field of investigation, investigators manually reviewed casefiles to determine connections between each clue in the case files.Using their gut and instinct, the investigators could guess at whichindividuals seem suspicious and further investigate those individuals.This process was very tedious and time consuming, as well as inaccuratedue to the large number of documents and clues in each case file toreview to determine whether an individual was suspect. Automatedtechnologies are not to provide a satisfactory replacement and not ableto provide an accurate replacement.

One technique that is employed can be to perform a criminal historybackground check, such as by reviewing court records. However, thisprovides limited information. Some states may seal or purge criminalrecords. Some individuals or entities engaging in illegal activity orplanning to engage in illegal activity may not yet have a criminalhistory record. Due to such limitations, a simple criminal historybackground check may be a poor indicator for an individual's risk ofillegal activities.

SUMMARY

Some aspects feature a computer system configured to provide aninteractive user interface for generating feedback to AI models and forefficient investigations, the computer system comprising: one or morecomputer readable storage devices configured to store computer readableinstructions; a communications interface configured for datatransmission; and one or more processors. The one or more processors areconfigured to execute the plurality of computer readable instructions tocause the computer system to perform operations comprising: accessingdata associated with an entity; applying a plurality of models to thedata to generate a plurality of assessments; and transmitting, throughthe communications interface, user interface data useable for renderingan interactive user interface. The interactive user interface includes:in a first user interface portion, individually selectable indicationsof a plurality of factors and indications of associated assessments; anda second user interface portion that is dynamically updateable todisplay, in response to user selections of the individually selectablefactors, data associated with selected factors.

The computer system of the above paragraph can include one, anycombination of, or all of the following features. The models can beartificial intelligence (AI) models. The AI models include at least onerandom forest model, supervised learning model, or classification model.The one or more processors are configured to execute the plurality ofcomputer readable instructions to cause the computer system to performfurther operations comprising: receiving a first analyst evaluation of afirst risk factor; and updating a first AI model based at least in parton the first analyst evaluation, wherein the first AI model is used togenerate a first risk assessment for determining an AI evaluation of thefirst risk factor. Accessing data associated with the entity includesaccessing at least 10 databases storing a total of at least ten thousanddata entries, the plurality of assessments includes at least 10assessments, and different databases of the at least 10 databases areused for generating the plurality of assessments. Applying a pluralityof models to the data to generate a plurality of assessments includesapplying a first model to the data to generate a first assessment of afirst factor, the individually selectable indications of a plurality offactors includes a textual description of the first factor, and theindications of associated assessments includes a color coded indicatorof the first assessment. The one or more processors are configured toexecute the plurality of computer readable instructions to cause thecomputer system to perform further operations comprising: generating acombined risk assessment based on a weighted combination of theplurality of assessments. The one or more processors are configured toexecute the plurality of computer readable instructions to cause thecomputer system to perform further operations comprising: storing, in anarchive, at least two of: a first AI evaluation based at least in parton one of the plurality of assessments for a first factor, an analystevaluation of the first factor, or the data used to generate a firstassessment for the first factor. The one or more processors areconfigured to execute the plurality of computer readable instructions tocause the computer system to perform further operations comprising:generating, using the data associated with the entity, a graphicalvisualization of the data, where the graphical visualization includes atleast one graph, table, web, or chart. The graphical visualizationincludes at least one: web indicating relationships between the entityand other entities, wherein the web is dynamically configurable by theuser to extend to a variable number of degrees of connections; chart ortable comparing transaction data reported by the entity againsttransaction data compiled from the one or more internal databases oftransactions by the entity; or a chart visualizing a comparison orbreakdown of categories of transactions. A first model of the pluralityof models is applied to a subset of the data to generate a firstassessment of the plurality of assessments, and the one or moreprocessors are configured to execute the plurality of computer readableinstructions to cause the computer system to perform further operationscomprising: receiving a user selection of a first risk factor that isrelated to the first assessment, and in response to receiving the userselection of the first risk factor, generating, using the subset of thedata, a graphical visualization of the subset of the data. The one ormore processors are configured to execute the plurality of computerreadable instructions to cause the computer system to transmit the userinterface data in response to at least one or a combination of theplurality of assessments indicating a high risk. Accessing dataassociated with an entity includes searching one or more databases forat least one of: asset transfer restrictions against the entity, travelrestrictions against the entity, or a number of legal warrants or courtorders against the entity. Accessing data associated with an entityincludes searching one or more databases for at least one of:transactions or relationships between the entity and public figures orcelebrities, transactions or relationships between the entity andgovernment figures, or transactions or relationships between the entityand other entities known to or at high risk for involvement with illegalactivity. Applying a plurality of models to the data to generate aplurality of assessments includes comparing at least one of: a frequencyof transactions by the entity to a reference frequency of transactions,a quantity of transactions by the entity to a reference quantity oftransactions, methods used by the entity to make transactions againstreference methods of making transactions, or internal or private datarecords about the entity to public data records about or reported by theentity. Applying a plurality of models to the data to generate aplurality of assessments includes determining at least one of: adistance between a physical address associated with the entity and aphysical address of a business used by that the entity, or whetheraddresses or contact information associated with the entity is shared byother entities. The entity and other entities are engaged in a samefield of practice, and wherein applying a plurality of models to thedata to generate a plurality of assessments includes at least one of:comparing registrations or licenses of the entity to registrations orlicenses of the other entities, or comparing transactions of the entityto the other entities. Applying a plurality of models to the data togenerate a plurality of assessments includes applying a first set ofmodels to generate a first plurality of assessments for a first group ofrisks in a first context. The one or more processors are configured toexecute the plurality of computer readable instructions to cause thecomputer system to periodically, randomly, or routinely perform furtheroperations comprising: accessing updated data associated with theentity, and applying a second plurality of models to generate a secondplurality of assessments for a second group of risks in a secondcontext. The interactive user interface further includes a third userinterface portion that is dynamically updateable to display, in responseto the user selections of the individually selectable factors, AIevaluations of the selected factors.

Accordingly, in various embodiments, large amounts of data areautomatically and dynamically calculated interactively in response touser inputs, and the calculated data is efficiently and compactlypresented to a user by the system. Thus, in some embodiments, the userinterfaces described herein are more efficient as compared to previoususer interfaces in which data is not dynamically updated and compactlyand efficiently presented to the user in response to interactive inputs.

Further, as described herein, the system may be configured and/ordesigned to generate user interface data useable for rendering thevarious interactive user interfaces described. The user interface datamay be used by the system, and/or another computer system, device,and/or software program (for example, a browser program), to render theinteractive user interfaces. The interactive user interfaces may bedisplayed on, for example, electronic displays (including, for example,touch-enabled displays).

Additionally, it has been noted that design of computer user interfaces“that are useable and easily learned by humans is a non-trivial problemfor software developers.” (Dillon, A. (2003) User Interface Design.MacMillan Encyclopedia of Cognitive Science, Vol. 4, London: MacMillan,453-458.) The various embodiments of interactive and dynamic userinterfaces of the present disclosure are the result of significantresearch, development, improvement, iteration, and testing. Thisnon-trivial development has resulted in the user interfaces describedherein which may provide significant cognitive and ergonomicefficiencies and advantages over previous systems. The interactive anddynamic user interfaces include improved human-computer interactionsthat may provide reduced mental workloads, improved decision-making,reduced work stress, and/or the like, for a user. For example, userinteraction with the interactive user interfaces described herein mayprovide an optimized display of time-varying and report-relatedinformation and may enable a user to more quickly access, navigate,assess, and digest such information than previous systems.

In some embodiments, data may be presented in graphical representations,such as visual representations, such as charts and graphs, whereappropriate, to allow the user to comfortably review the large amount ofdata and to take advantage of humans' particularly strong patternrecognition abilities related to visual stimuli. In some embodiments,the system may present aggregate quantities, such as totals, counts, andaverages. The system may also utilize the information to interpolate orextrapolate, e.g. forecast, future developments.

Further, the interactive and dynamic user interfaces described hereinare enabled by innovations in efficient interactions between the userinterfaces and underlying systems and components. For example, disclosedherein are improved methods of receiving user inputs, translation anddelivery of those inputs to various system components, automatic anddynamic execution of complex processes in response to the inputdelivery, automatic interaction among various components and processesof the system, and automatic and dynamic updating of the userinterfaces. The interactions and presentation of data via theinteractive user interfaces described herein may accordingly providecognitive and ergonomic efficiencies and advantages over previoussystems.

Various embodiments of the present disclosure provide improvements tovarious technologies and technological fields. For example, as describedabove, existing system and technology for reviewing data (including,e.g., in memory databases) is limited in various ways (e.g., manual datareview is slow, costly, and less detailed; data is too voluminous;etc.), and various embodiments of the disclosure provide significantimprovements over such technology. Additionally, various embodiments ofthe present disclosure are inextricably tied to computer technology. Inparticular, various embodiments rely on detection of user inputs viagraphical user interfaces, calculation of updates to displayedelectronic data based on those user inputs, automatic processing ofrelated electronic data, and presentation of the updates to displayedimages via interactive graphical user interfaces. Such features andothers (e.g., processing and analysis of large amounts of electronicdata) are intimately tied to, and enabled by, computer technology, andwould not exist except for computer technology. For example, theinteractions with displayed data described below in reference to variousembodiments cannot reasonably be performed by humans alone, without thecomputer technology upon which they are implemented. Further, theimplementation of the various embodiments of the present disclosure viacomputer technology enables many of the advantages described herein,including more efficient interaction with, and presentation of, varioustypes of electronic data.

Additional embodiments of the disclosure are described below inreference to the appended claims, which may serve as an additionalsummary of the disclosure.

In various embodiments, systems and/or computer systems are disclosedthat comprise a computer readable storage medium having programinstructions embodied therewith, and one or more processors configuredto execute the program instructions to cause the one or more processorsto perform operations comprising one or more aspects of the above-and/or below-described embodiments (including one or more aspects of theappended claims).

In various embodiments, computer-implemented methods are disclosed inwhich, by one or more processors executing program instructions, one ormore aspects of the above- and/or below-described embodiments (includingone or more aspects of the appended claims) are implemented and/orperformed.

In various embodiments, computer program products comprising a computerreadable storage medium are disclosed, wherein the computer readablestorage medium has program instructions embodied therewith, the programinstructions executable by one or more processors to cause the one ormore processors to perform operations comprising one or more aspects ofthe above- and/or below-described embodiments (including one or moreaspects of the appended claims).

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 shows an example AI system for evaluating the risk of clientparticipation in illegal activity.

FIG. 2 shows an example of user interface for evaluating the risk ofclient participation in illegal activity.

FIG. 3 shows an example user interface for analyzing organization riskfactors.

FIG. 4 shows an example user interface with additional data foranalyzing organization risk factors.

FIG. 5 shows an example user interface for analyzing risk factorsrelated to partners of a client.

FIG. 6 shows an example user interface for analyzing risk factorsrelated to transaction risk.

FIG. 7 shows an example user interface with additional data foranalyzing risk factors related to transaction risk.

FIG. 8 shows an example user interface for summarizing AI and analystevaluations.

FIG. 9 shows an example flowchart of a method for using AI and userinterfaces to prevent association with clients who are high risk forparticipating in illegal activity.

FIG. 10 is a block diagram that illustrates a computer system upon whichvarious embodiments may be implemented.

DETAILED DESCRIPTION

Introduction

In some cases, law-abiding individuals or organizations may want todetect or screen for client entities who are likely involved withillegal activity such as money laundering so that the law-abidingindividuals or organizations can avoid working with those clients.However, manually investigating every client can be very tedious andtime consuming, and many factors can be overlooked. Accordingly,disclosed herein are systems and methods for automatically analyzing anddetecting clients who may be engaged in illegal activity, and doing soin a faster, cost effective, and more accurate manner. A system can, ona large scale, process records to automatically analyze those recordsfor clues to detect possible illegal activity based on variouscombinations of indicators. To improve accuracy and continually adapt tochanging techniques used by individuals to evade detection, the systemcan include an artificial intelligence component that continuallyimproves through feedback.

Disclosed herein are embodiments that automate an investigator's tasks.Some embodiments enable a computer system to provide at least a partialsubstitute for the “gut” or “instinct” determination. The automation isaccomplished through rules that are applied to records in a database andother information to determine weighted risk assessments. The disclosureincludes many exemplary rule sets that go beyond simply performing acriminal background check. Instead, the rule sets can produce moreaccurate investigation results by taking into consideration combinationsof indicators and new sources of data based on different contexts.

Some organizations may provide goods or services to clients. Some ofthose organizations may provide goods or services that, althoughgenerally used by law-abiding citizens, can also be used for illegalactivity. For example, gun stores may sell guns for hunting andself-defense, banks may provide various financial services to thegeneral public, chemical suppliers may sell chemicals for research andindustrial uses, etc. The gun stores may want to avoid selling guns topeople who will use the guns for violence, banks may want to avoidworking with money launderers, and chemical suppliers may want to avoidselling to terrorists. Often times, simple state or federal backgroundchecks can be insufficient. To allow for a clearer understanding of theconcepts, this detailed description is discussed with respect toexamples of a bank that wants to avoid taking on clients who are likelyto engage in money laundering. However, it will be understood that thetechnology and techniques disclosed herein can be extended to any typeof organization with any type of client relationship.

The law-abiding organizations may desire to document their diligence ininvestigating their clients. For example, the organizations may documenttheir investigation of each client to justify engaging in a businessrelationship with the client. The organizations can establish businessrelationships with low risk clients who pass the investigation andrefuse to work with clients who are deemed high risk. If the client islater discovered to engage in illegal activities, then the organizationcan justify the bona fide business relationship with (what was thoughtto be) a low risk client and avoid complicit liability.

The system and techniques disclosed herein allow for a more accurate,comprehensive, and faster analysis of a client. The amount of data usedfor each investigation can be increased for a more accurate result.Databases including thousands or millions of records or more can besearched. By automating certain parts, organizations can hire fewerinvestigators. Some or most investigations can now be completed by acomputer system without human analysis and feedback, greatly reducingthe number of investigations performed. Furthermore, the speed ofinvestigations is accelerated. In addition to reducing the amount ofmanual review, a well-designed user interface allows for analysts tomore quickly analyze data that, when presented in other formats, wouldbe analyzed much more slowly. See Dillon, A. (2003) User InterfaceDesign. MacMillan Encyclopedia of Cognitive Science, Vol. 4, London:MacMillan.

The system also allows for a standardized evaluation process to beperformed on a plurality of clients. Available data from multipledatabases is processed and presented to an analyst, even if the analystwould not have otherwise thought to examine the data. Decision makingabout whether to accept, reject, or terminate a relationship with aclient can be speeded up.

Overview

FIG. 1 shows an example AI system 100 for evaluating the risk of clientparticipation in illegal activity. The system includes a search module101 for using a data stream module 104 to search databases 103 or theinternet 105 based on user input 102, an AI evaluation module configuredto execute a plurality of AI models 109 to generate risk assessments111, a user interface 113, a data visualization generator 123, an AImodel modifier 125, a low risk client approval module 127, and anarchive 129. The user interface 113 can include a first area showing aplurality of risk factors 115, a second area showing data 117 foranalyzing a risk factor, a third area showing one or more AI evaluations119, and a fourth area for receiving an analyst evaluation 121 of therisk factor. Using the AI system 100 of FIG. 1, the review of clientsfor risk indicators can be partially automated, and data is presented ina format to facilitate detection of high risk clients.

The user input 102 can indicate a client to be analyzed to assess a riskof the client's participation in illegal activity, such as laundering.The search module 101 can search for information about the client invarious databases 103 and the internet 105. The search results from thevarious databases 103 and/or the internet can be provided to a pluralityof AI models 109. Each AI model 109 can be configured to assess aspecific type of risk indicator and generate risk assessments 111. Theindividual risk assessments from each AI model 109 can be combined intoa combined risk assessment. The combined risk assessment can be comparedagainst a threshold amount to determine a risk. If the client's combinedrisk assessment indicates a low risk, then the client can be approved.Otherwise, if the client's combined risk assessment indicates a highrisk, or in some embodiments, if one or a combination of individual riskassessments indicate a high risk, then a user interface 113 can begenerated to facilitate an analyst's review of the data. The userinterface 113 can present data 117 for analyzing one or more riskfactors and AI evaluations 119 of risk factors. The analyst can reviewthe data 117 and provide an analyst evaluation 121 of one or more riskfactors. The analyst evaluation can be used as feedback to the AI modelmodifier 125. The AI models 109 can be modified based on the feedback.The AI and analyst risk evaluations and data for analyzing the riskfactors can be stored in an archive 129. Although the user input 102 forsearching is described in the context of a potential client forinvestigation, it will be understood that the search can be performed onany entity in any context, regardless of whether there is a potential“client” relationship.

User input 102 can indicate a client to be analyzed for a likelihood ofillegal activity such as laundering. The user input can include a nameof the client, government issued-identification numbers (such as adriver's license number, social security number, military ID number,national ID number, passport number, tax ID number, business entity IDnumber, etc.), a birthday, online usernames, addresses, and/or otherpersonally identifying information. The type of user input provided canalso affect the types of databases 103 used, the types of AI models 109applied, the types of risk assessments 111 determined, and the types ofrisk factors 115 analyzed. For example, different databases 103, AImodels 109, risk assessments 111, and/or risk factors 115 can beanalyzed if the identifier indicates that the entity is a person (suchas with a driver's license, name, passport number, or social securitynumber) as opposed to a business (such as with a business name, tax IDnumber, etc.).

The user input 102 can also indicate a context for the client. Thecontext can also affect the types of databases 103 used, the types of AImodels 109 applied, the types of risk assessments 111 determined, andthe types of risk factors 115 analyzed. For example, a first combinationof databases 103, AI models 109, risk assessments 111, and risk factors115 can be used to evaluate new clients. A second combination ofdatabases 103, AI models 109, risk assessments 111, and risk factors 115can be used to evaluate a current client. In some cases, the analysisfor the “current client” context can be periodically, randomly,according to selection algorithms, or routinely run for all clients,such as daily, weekly, monthly, annually, or at other times with orwithout a user-provided indication of context.

A search module 101 can search multiple databases 103 for data about theclient. Multiple databases 103 including databases 1 through M, where Mcan be any number, can be searched for information about the client. Thedatabases 103 can include court databases, criminal history databases,and government databases. The databases 103 can also include databasesof transactions involving the client, such as assignments of property,transfers of value, wires, checks, deposits, etc. including who theclient transacted with. The databases 103 can also include socialnetworks, ancestry databases, community databases, and other databasesindicating relationships between individuals. The databases 103 can alsoinclude communication databases including emails, phone calls,communication records, text messages, etc. The databases 103 can alsoinclude private databases of commercial entities. For example, a groupof commercial entities (such as a group of banks, a group of gun shops,or a group of chemical makers) may pool their private databases withother entities and allow access for the purpose of vetting clients. Thedatabases 103 can also include public record databases, employmentdatabases, news databases, and other archives. The databases 103 canalso include commercial entity registration databases, securitiesreports and filings databases, meeting minutes databases, vote anddecision databases, and other databases that may indicate an affiliationor business relationship with the client. The databases 103 can alsoinclude shipping databases, manifest databases, transportationdatabases, mail databases, and other databases recording the transfer ofgoods, product, or cargo to/from the client. Any other type of databasethat may have information about the client, the client's relationshipswith others entities, information about the other entities, and/orreference data for demographic groups and normal indicators can besearched. In the context of a current client, a database of the currentclient's history of activities, orders, and transactions with theorganization can also be searched. In some embodiments, at least 10, 20,30, 40, 50, 60, or any number of different databases 103 can besearched.

Additionally, the search module 101 can perform a search for the clienton the internet 105, including searching databases accessible via theinternet 105. Additionally, the internet can search for the client onnews sites, online archives, search engines, social media sites, etc.The internet can also be used to search for and determine the context ofan internet article that the client is found in, such as whether theclient is found in news articles, political articles, popularly viewedposts, near keywords indicating a positive, negative, or controversialcontext, etc.

A data stream module 104 can be used to process the data from thedatabases 103. The data stream module 104 can be configured to track andcross-search the databases 103 and/or the internet 105. For example, todetermine how many transactions John Doe has conducted over the pastyear, the data stream module can search a first database for a firstcompany's transactions with John Doe and also search a second databasefor a second company's transactions with John Doe, and the data streammodule 104 can generate an output including the de-duplicated union ofdata from the first database and from the second database. As anotherexample, to search for the partners with equity in BigCo., the datastream module 104 can search a first database of companies and partnersfor data about the partners of BigCo., search a second database ofsubsidiaries of businesses to find subsidiaries of BigCo., search thefirst database again for the partners of the subsidiaries, and thengenerate an output including the de-duplicated union of data. The datastream module 104 can be used to provide a more comprehensive, moreaccurate, and smaller sized (de-duplicated) data set. In someembodiments, the data stream module can provide access to a plurality ofdata sets, streams of data, and/or streams of search results.

The AI evaluation module 107 can be configured to provide differentcombinations of the data from the databases 103 to different AI models109. There can be a plurality of AI Models 1 to N, where N can be anynumber. Some models such as AI Model 3 can be used to analyze data fromone database such as Database 3. Other models such as AI model 2 can beused to analyze combinations of data from a plurality of databases. Datafrom some databases such as Database 1 can be provided to a plurality ofAI models. Each AI model can be configured to analyze a risk factor,some examples of which are provided in later sections of thisdisclosure. The AI models 109 can include, for example, random forestmodels, learning based models, classification models, nearest neighbormodels, supervised or unsupervised learning models, regression models,clustering models, neural network models, reinforcement models, decisiontree models, support vector machine models, association models, rulebased models, or other types of AI models. Different types of AI modelscan be used for analyzing different risk factors.

Each AI model 109 can generate a risk assessment 111 for a risk factor115. The risk assessment can be a Boolean variable (such as risky or notrisky), a number (such as 0 to 100), etc. The risk assessments 111 canalso include a combined risk assessment. The combined risk assessmentcan be a weighted combination of each individual risk assessment 1through O, where O can be any number. In some embodiments, the number ofrisk assessments can match the number of AI models. In some embodiments,there can be a different number of risk assessments and AI models, forexample, if an average output of two different AI models are used togenerate a single risk assessment for a risk factor.

One or a combination of risk assessments 111 can be used to determine ifthe client is a low risk client. If the combined risk assessmentindicates that the client is a low risk client (for example, if thecombined risk assessment is compared to and determined to be less than athreshold combined risk assessment), then the client can be approved,and the organization can engage the client and provide products orservices. Furthermore, the data used for analysis and the resulting riskassessments indicating a low likelihood of illegal activity such aslaundering can be stored in an archive. The archive data can bepreserved, such as using block chain, distributed ledger, cumulativechecksums, rewrite restrictions, encryptions, or other technology toprevent later tampering.

If the combined risk assessment indicates that the client is a high riskclient (for example, if the combined risk assessment is compared to anddetermined to be higher than a threshold combined risk assessment, or ifcertain one or combinations of individual risk assessments exceedthresholds), then the client can be evaluated by the AI as high risk andan interactive user interface 113 can be generated to facilitate adetailed review of data about the client.

In the user interface 113, a plurality of risk factors 115 from RiskFactor 1 to Risk Factor P, where P can be any number, can be displayedin a first portion. In the first portion, the risk factors 115 can becolor coded based on risk assessments and/or AI evaluations, arranged inorder of risk assessment and/or AI evaluation, or have other visualindicators that indicate a degree of risk assessed for each risk factor115. For example, the first portion of the user interface can include atextual description of the risk factors and a color coded indicatorbased on the assessment(s) used for evaluating each risk factor.Additionally or alternatively, a color coded indicator based on the AIevaluations for each of the respective risk factors can be included inthe first portion. A user can select one of the risk factors 115, andthe user's selection can cause data 117 to be displayed in a secondportion of the user interface. The data 117 can include visual data suchas charts, graphs, tables, webs, etc. generated by the datavisualization generator. The data 117 can include data about the clientas well as contextual information (e.g., about other clients ordemographics) for comparison so that the risk factor can be analyzed. Anexample of color coded risk factors 307 in a first portion of a userinterface is shown in the menu 303 of FIG. 3.

The data 117 can be dynamically generated for display in response to auser's selection of a risk factor (such as Risk Factor 2) and displayedin a second portion of the user interface. The data 117 can include thedata from the databases used in assessing the selected risk factor.Accordingly, from among the plurality of databases 103, if a smallersubset (such as Database 1 and Database 2) of the plurality of databasesis relevant to the selected risk factor (such as Risk Factor 2), thenthe data 117 can include the data relevant to the client from thesmaller subset (such as Database 1 and Database 2) of the plurality ofdatabases and omit information from the other databases (such asDatabase 3 through Database M).

Data in databases can be stored in a form that is easy for computerprocessors to process but difficult for an analyst to quickly analyze.The data visualization generator can, for some types of data relevant tothe client from the smaller subset of the plurality of databases,convert the data into a form that is more easily understood and analyzedby humans. Accordingly, the data can be reformatted for display.Furthermore, the data in the databases can be too voluminous for aperson to review in a reasonable amount of time. For some types of datafor some types of risk factors, the relevant data from the relevantdatabases can be aggregated before being displayed as data 117. Forexample, totals, averages, distributions, or trends over time of largeamounts of data can be shown instead of the thousands, millions, orbillions of underlying data entries.

The data 117 can be dynamically generated. In some embodiments, the data117 can be generated for each risk factor for a client in response to adetermination that the client is a high risk client. This way, the datacan be ready for quick display when a user selects a risk factor. Insome embodiments, the data 117 can be generated almost instantly orwithin several seconds for a selected risk factor in response to a userselection of a risk factor, even if there are very large amounts ofunderlying data entries. Either way, generating the visualization ofdata can be skipped for low risk clients (which can make up over 90% or99% of clients), saving substantial amounts of processing time andpower, and freeing up computing resources for performing detailedanalysis of the data used for evaluating the high risk clients. Anexample of data 117 for analyzing a risk factor is shown as data 305 inFIG. 3.

In a third portion of the user interface, an AI evaluation 119 of risk,such as high risk, medium risk, or low risk, can be generated. The AIevaluation 119 can include evaluations of whether one or more specificrisk factors indicate that the client is likely to engage or haveengaged in laundering. The AI evaluation 119 of a risk factor can bedetermined based on one or more risk assessments 111 generated by the AImodels 109. In some embodiments, one AI model 109 (such as AI Model 1)can be used to generate one risk assessment 111 (such as a number from 0to 100 indicating increasing amounts of risk) for a risk factor, and anAI evaluation 119 will indicate that the risk factor is “Risky” if theAI assessment 111 is more than a threshold (such as 50). For example, ifa risk factor is a number of companies owned or managed by the client,and if the client owns or manages a large number of companies, then theAI evaluation 119 can indicate that, at least for the specific riskfactor, the client is high risk because of the client's ability to usemultiple companies to move assets around. In some embodiments, the AIevaluation 119 can automatically update in response to a user selectionof a risk factor 115 to show the AI evaluation 119 for the selected riskfactor. A summary AI evaluation 119 can include a summary and overalllikelihood that the client is or will participate in laundering. Thesummary can include, for example, which risk factors indicate that theclient is likely to engage in laundering. The summary can also includeexamples of the data that indicates that the client is likely to engagein laundering. For example, the summary can show comparisons of theclient to other people or groups, show data values related to the clientthat are outside of normal ranges or otherwise suspicious. As an exampleof an AI evaluation, an example indicator 309 of “Risky” or “Not risky”can be selected as shown in FIG. 3.

In a fourth portion of the user interface, an analyst evaluation 121 canbe provided. The analyst evaluation can be provided for each riskfactor. The analyst evaluation can additionally or alternatively beprovided for the overall likelihood that the client is or will engage inlaundering. An analyst can review the data 117 and the AI evaluation119. Based on the analyst's review, the analyst can confirm or changethe automatically evaluated risks. If the analyst confirms that theclient is indeed a high risk client, then the organization can declineto engage with (or, in the current client context, decline to continueto engage with) the client. If the analyst changes the evaluation andindicates that the client is a low risk client, then the organizationcan engage with the client. As an example of an analyst evaluation 121,an analyst can select an example evaluation option 311 of “Risky” or“Not risky” as shown in FIG. 3, and the analyst may change the exampleAI evaluation indicator 309 in doing so (or there can be separateindicators for AI and analyst evaluations).

The risk evaluation including the AI evaluation 119, the analystevaluation 121, and data for analyzing the risk factors can be stored inan archive 129. The risk evaluation can include indications of thedatabases 103 searched, the relevant data from the databases found as aresult of a search, the AI models 109 used and the risk assessments 111,the risk factors 115, the data 117 for analyzing the risk factors, theAI evaluation 119, and the analyst evaluation 121, including whether theuser confirmed or changed the AI evaluation 119. The archive data can bepreserved, such as using block chain, distributed ledger, cumulativechecksums, rewrite restrictions, encryption, or other technology toprevent later tampering.

The analyst evaluation 121 can be provided as feedback to the AI modelmodifier 125. For each risk factor 115 that the analyst evaluation 121confirmed in AI evaluation 119, feedback can be used to update thecorresponding AI model 109, such as by providing positive reinforcementfeedback, changing coefficient values, adding a verified data sample andretraining the model, etc. For each risk factor 115 that the analystevaluation 121 differed from the AI evaluation 119, feedback can be usedto update the corresponding AI model 109, such as by providing negativereinforcement feedback, changing coefficient values, adding a verifieddata sample and retraining the model, etc.

In some cases, the analyst can review the data 117 for analyzing eachrisk factor in view of new training, new realizations, and/or newinsights. The analyst's decision making process can change over time andadapt as clients develop new strategies for hiding their indications ofengaging in illegal activity such as laundering. Accordingly, the AImodels 109 can be dynamically updated over time based on feedback suchthat the AI evaluations 119 and approvals 127 remain accurate over time,even as tactics change.

Example User Interfaces

The system described in FIG. 1 can be used to assess and evaluate aclient for a risk of illegal activity. FIG. 2 through FIG. 8 showexamples of user interfaces for analyzing a client for a risk oflaundering. Some of the risk analysis discussed with respect to FIG. 2through FIG. 9 can be performed, for example, using the AI models 109 ofFIG. 1. The user interfaces shown in FIG. 2 through FIG. 8 are examplesof user interfaces 113 (or parts thereof) shown in FIG. 1. It will beunderstood that the analysis and technology discussed with respect toFIG. 2 through FIG. 8 can also be performed and detect low risk clients,such as described with respect to block 127 of FIG. 1, withoutgenerating one, some, or all of the user interfaces shown in FIG. 2through FIG. 8. Furthermore, although the examples are provided withrespect to evaluating clients for a risk of laundering, it will beunderstood that the technology can be extended to evaluating clients forother risks.

FIG. 2 shows an example of user interface 200 for evaluating the risk ofclient participation in illegal activity. The interface 200 includesinputs 201 allowing for an entity type, name, and/or identificationnumber to be entered and searched (such as by using the search module101 of FIG. 1). A navigation menu 203 includes selectable indicators toshow general information about the searched client and various classesof risk indicators, such as organization risks, partner risks,transaction risks, and other risks. A display area 205 can update todynamically display information in responses to user selections in themenu 203. In the example, the “General Info” is selected, and thedisplay area 205 shows general information about the searched entity“SmallCo.” The display area 205 shows registration information, annualrevenue data, account data, and owners and investors of SmallCo.

The navigation menu 203 can be interacted with to show different riskindicators. For example, as shown in FIG. 3, when “Organization Risks”is selected, related data from databases can be used for dynamicallyupdating the display area 305 to show visualizations of data relating toorganization risks. Also, as shown in FIG. 3, the navigation menu canalso show indications of risk factors relating to “Organization Risks.”Similarly, when “Partner Risks” is selected in FIG. 2, the userinterface 500 of FIG. 5 can be displayed in place of the display area205 along with indications of partner-specific risk factors. Similarly,when “Transaction Risks” is selected in FIG. 2, the display area 605 ofFIG. 6 can be displayed in place of the display area 205 along withindication of transaction-specific risk factors. The menu 203 of FIG. 2can include any additional number of risk categories and/or risk factorsthat can be interacted with to display other user interfaces, such asshown in FIG. 7. When “Summary & Save” is selected from the menu 203,the user interface 800 of FIG. 8 can be displayed.

The display area 205 shows general information about the searched entity“SmallCo.” An area showing registration information can include alertsfor the entity (such as travel restrictions, bank restrictions,warrants, sanctions, trade restrictions, evaluated risks of laundering,etc.), the entity name, area of practice or industry that the entity isengaged in, an address, date founded, and other information.

The area showing annual revenue data can include a table or othervisualization of data such as revenue amounts, dates, and sources of thedata, which can come from one or more different databases. In somecases, the different revenue sources can come from different databases.For example, a database of tax or securities filings can be searched toreport a first amount of revenue, a database of bank transactions can besearched to report a second amount of revenue, and a third database ofcourt filings can be searched to report a third amount of revenue. Thedata from the different databases can be simultaneously shown inproximity to each other so that inconsistencies can be more easilyrecognized by an analyst. Otherwise, an analyst performing manual reviewmost often will not recognize the inconsistencies when reviewing massiveamounts of data. Also, when different analysts are assigned to reviewthe different databases in an attempt to expedite review speed, nonewill recognize the inconsistency with other databases. The example tableallows for easy recognition of significant discrepancy betweentransactions reported by the client for tax documents and transactionsreported by a bank, indicating a likelihood of laundering.

The area showing account data can include a table or other visualizationof data such as accounts of the entity with various institutions (suchas checking or saving accounts), along with data about the date opened,date closed, balances, etc. Abnormal amounts of accounts and/or abnormaltimings of accounts can indicate a likelihood of laundering.

The area showing owners and investors can include a table or othervisualization of data such as the owners, partners, lenders, equityholders, and/or other beneficiaries of the entity. Data such asidentification numbers, names, titles, amount of equity, and income forthe owners and investors can also be collected from one or moredatabases and displayed. This can allow for recognition and familiarityof the owners and investors. Furthermore, due to the simultaneousshowing and/or proximity of the data (e.g., on a same screen),suspicious patterns can be detected. For example, the area of practiceis indicated as a laundromat, which is a cash-service industry. Theincome of the owners can be compared to models of what is typical forthat type of industry. For example, it can be recognized thatlaundromats usually are smaller investment projects that do not requiremultiple owners or investors, and that the income of each owner orinvestor in the project can be compared to what is typical for the areaof practice. The multiple investors shown can indicate a likelihood oflaundering, as well as a mismatch between income and reported tax data.

FIG. 3 shows an example user interface 300 for analyzing organizationrisk factors. The user interface 300 includes a menu 303 that can expandto show a plurality of indicators of individual risk factors in responseto a user interaction with “Organization Risks.” The display area 305can update to show data for analyzing each risk factor 307, an exampleAI evaluation indicator 309 of each risk factor, and provide for anexample analyst evaluation option 311 of each risk factor.

In the menu 303, the individual risk factors (e.g., Risk Factor 1through Risk Factor N, where N can be any number) can be automaticallycolor coded based at least in part on a risk assessment and/or an AIevaluation of the risk factor. For example, a risk factor can beindicated with a color code ranging from green to red on a colorspectrum based on a risk assessment used for evaluating the risk factor.As another example, a risk factor can be color coded as green if an AIevaluation for the risk factor is low risk, yellow if an AI evaluationfor the risk factor is unknown or moderate risk, and red if an AIevaluation for the risk factor is high risk. Other visual indicators,such as symbols, patterns, or stylizing can also be used. Other visualindicators can include arranging the risk factors from highest risk tolowest risk. The visual indicators can allow an analyst to quickly focuson the more critical data. The analyst can, in some embodiments, skipreviewing data related to risk factors that were determined by the AIevaluation to be low risk, saving substantial amounts of time.Accordingly, an analyst can focus attention on the more critical datafor a greater number of clients being investigated and make moreaccurate evaluations.

In the display area 305, data for analyzing each individual risk factorcan be displayed. For example, Risk Factor 1 can be “Recent CorporateChanges” and data for analyzing this risk factor can include the tableand timeline shown in FIG. 3. Some recent corporate changes can indicatean increased likelihood of laundering, especially if the client is newlyassociated with high risk individuals. The table can show any alerts orrestrictions for the associated individuals. The alerts can be of recordin databases and/or generated by an evaluation (such as analysisdescribed with respect to FIG. 1 through FIG. 9) of each associatedindividual. The data for analyzing “Recent Corporate Changes” can alsoshow, in the table and/or in a timeline, the times where individualsassociated with the entity changed. Due to the simultaneous and/orproximate display of information, it can be seen that two individualsflagged with alerts and took a combined 100% equity from 2015-2016,indicating higher risks around or after this time frame.

For each risk factor in the display area, AI evaluation indicators ofthe risk factor and analyst evaluation options of the risk factor canalso be shown. The AI evaluation can automatically indicate a resultgenerated based at least in part on the output of one or more AI models.For example, an indication of “Risky” or “Not Risky” can beautomatically selected to indicate the AI evaluation.

An analyst can enter an analyst evaluation 313, such as by confirming orselecting the other of “Risky” or “Not Risky.” The analyst evaluation313 can also include freely typed comments. The analyst evaluation 313can also include one or more pre-populated reasons for confirming orchanging the evaluation. The pre-populated reasons can change dependingon the analyst's selected evaluation and change depending on whether ornot the analyst evaluation is different from the AI evaluation. Thepre-populated reasons can also be different for each risk factor andserve to remind the analyst of various reasons to consider whenevaluating the presented data. In some embodiments, when the analystevaluation is entered, the color coding of the associated risk factorcan update. For example, if Risk Factor 1 in the menu 303 is greenbecause the AI evaluation of Risk Factor 1 indicates low risk, then RiskFactor 1 in the menu 303 can change to red when the analyst changes theevaluation to high risk.

The example display area 305 also includes data for analyzing a secondrisk factor, such as Risk Factor 2. In some embodiments, the data foranalyzing risk factors can be individually displayed in the display area305 in response to a selection of a specific risk factor from the menu303. In some embodiments, the data for analyzing a plurality of riskfactors can be simultaneously shown in the display area 305, andselecting a specific risk factor from the menu 303 can cause thecorresponding data for analysis to appear in focus in the display area305, such as by scrolling to the corresponding data.

An example of a second risk factor is whether or not there are changesto addresses. Businesses and people usually keep their addresses forlonger periods of time, and more frequent changes can indicate a higherrisk of laundering. An AI model can be configured to analyze thefrequency of address changes of the client in comparison to othersimilar entities. The display area can also show or include links toshow street views of the address and/or a map of the address. This canallow the analyst to see if the addresses are in typical locations forpeople/businesses and/or evaluate if the street view shows an actualresidence or building. If not, then the address can be suspect, and therisk factor can indicate a higher risk of laundering.

FIG. 4 shows an example user interface 400 with additional data foranalyzing organization risk factors. The examples can be shown, forexample, in the display area 305 of FIG. 3, and can correspond to otherrisk factors in the menu 303 of FIG. 3.

Risk factors such as “Same Addresses as Other Entities,” “Same PhoneNumbers as Other Entities,” and/or same identifiers (such as taxidentifiers, registration numbers, emails, etc.) as other entities canbe used to determine a risk of money laundering. An AI model can beconfigured to analyze data to determine increased likelihoods oflaundering when more addresses, phone numbers, and/or identifiers of theclient are shared with other entities. This can be the case when, forexample, a money launderer uses a plurality of entities to move assetsaround while using a single physical address, phone number, email, orother identifier for ease of coordination and management. The userinterface 400 can show one or more tables or visualizations of theaddresses, phone numbers, or identifiers associated with the client and,for each entity having a phone number, address, or identifier thatmatches the client, one or more of: notes about problems or alerts forthe entity, an ID (such as a tax number, registration number, socialsecurity number, etc.) for the entity, a name of the entity, adescription of the entity, a field of practice or occupation of theentity, a category of the entity, and/or other data. The visualizationcan also show a number of entities matching each address, phone number,and/or identifier associated with the client. The information can beshown simultaneously and/or proximately to each other.

In the illustrated example, the addresses associated with the clientmatches 101 other entities, and the phone numbers associated with theclient matches 121 other entities. An AI model can be configured todetermine, for example, that based on the large number of matchingentities, the client has a higher risk of engaging in laundering.

An analyst can be configured to analyze the presented data. For example,a shopping center or mall may have a general address used by a pluralityof stores located within the shopping center or mall, and this can bethe case without raising suspicion. As another example, an analyst mayrecognize that a headquarters of a large company may have a phone numberthat is shared with subsidiaries of the same company, or that adedicated call center may provide support for a number of differentcompanies. The analyst can review the AI evaluation 411 and confirm orchange the evaluation. The analyst can also provide comments, reasons,or other analysis about the analyst's evaluation 413. Although one AIevaluation 411 and one analyst evaluation 413 option is shown for thecombination of phone numbers and addresses, in some embodiments, therecan be separate evaluation options.

FIG. 5 shows a user interface 500 including data for analyzing riskfactors related to partners of a client. The examples can be shown, forexample, in the display area 305 of FIG. 3, and can correspond to riskfactors under the class of “Partner Risk” in the menu 303 of FIG. 3.When the “Partner Risk” option is selected in the menu 303 of FIG. 3, aplurality of the risk factors (e.g., Risk Factor 1 to M, where M is anynumber, similar to what is shown in FIG. 3) related to Partner Risk canappear, along with color coded (or other visual) indicators of each riskfactor.

The user interface 500 includes data for analyzing a first risk factor,“Unusual Partner Data.” The data can include a table and/or othervisualizations comparing demographic data about the partners, investors,or beneficiaries of the client. An AI model can be configured to analyzepeople investors of different business and perform a comparison ofincome data for the partners, investors, or beneficiaries of the clientto partners, investors, or beneficiaries of similar demographics.Demographic information can include, for example, age, education,location, etc. In the example, the age of each person is shown incomparison to average ages of typical partners in the laundromatbusiness with similar backgrounds. It can be seen that the ages aretypical or within a reasonable variation, otherwise laundering may beindicated by using unusual people (such as children too young to investin businesses) to facilitate transactions. The income of each person isalso shown in comparison to average incomes of typical partners in thelaundromat business with similar backgrounds. It can be seen that theincomes of Jane Doe and John Doe are within a reasonable variation ofowners of laundromats in view of fractional equity, but Jordan Belfortand AI Capone are associated with incomes far in excess of typicallaundromat owners, even accounting for or regardless of age andeducation. If an AI model determines a high risk for this risk factor,an analyst can review the data and confirm the high risk, noting theunusual incomes as risk factors.

The user interface 500 also includes data for analyzing a second riskfactor, “Suspicious Extended Relationships.” The user can select anumber of degrees of connections to analyze, which is currently shown as4. Based on the number of selected degrees, connections of the clientcan be determined and displayed. For example, for the selected clientSmallCo., the first degree can be the investors, partners, andbeneficiaries of SmallCo. and/or entities that are business partnerswith, have a parent or subsidiary relationship with, a supply orpurchase relationship with, or other type of association with SmallCo.The second degree of connections can include entities, investors,partners, and beneficiaries further associated with the entities,investors, partners, and beneficiaries from the first degree ofconnections. Connected entities, investors, partners, and beneficiariesmay be collectively referred to as “connected entities.”

The members of each degree of connections can be shown in a table 511,nested menu 513, web 515, or other visualization, along with one or anycombination of: restrictions, alerts, notes, names, identificationnumbers, industry, title, dates of participation or founding or birth,addresses, contact info, the type of association used to determine theconnection relationship, or other information. Additionally, visualindications (such as colored circles) can be used to flag the connectedentities for various situations. The flags can indicate if there are anyanalyst notes about or restrictions against a connected entity. Theflags can also indicate if a connected entity is a previously rejectedclient, such as based on an AI evaluation or analyst evaluationperformed in the past. The flags can also indicate if a connected entityis a public figure, such as a politician or celebrity. For example,databases and/or the internet can be searched to determine if the entitywas reported in news sites, government databases, top listed searchpages, popular social media sites, etc. The flags can also indicate ifthe connected entity is a foreign entity. An AI model can be configuredto search for and analyze the connected entities of a client anddetermine the flags for the connected entities.

In the example shown in the user interface, a nested menu 513 showsconnected entities of the client being analyzed. A connected entity inthe nested layer can be selected to reveal a next degree of connectionthat includes people. Furthermore, in response to the selection, the webcan be displayed and/or updated to show equity, association, orrelationship between the selected entity and the next degree ofconnected entities, including indicators of the amount of equity,association, or relationship. The web 515 can use different icons toindicate people, businesses entities, etc. The web can also be used todetermine if the partners of the client also have equity in otherentities that have a relationship with the client. The web can also beused to easily see if the client moves assets through variousconnections back to the same client and/or accounts or entities owned bythe same people, for example, if the web shows a plurality of links thatcircle back to the same entities.

By reviewing the data provided for analyzing suspicious extendedrelationships and the interactive web and nested menu, an analyst canmake an evaluation about whether or not the data indicates a risk oflaundering.

Other examples of data that can be shown in the user interface include:data about connected entities, the experience of connected entities, theage of connected entities, the income of connected entities, theaddresses or citizenships of connected entities, equity of connectedentities, dates of transactions or changes in equity of connectedentities, corporate changes of the connected entities, etc. Furthermore,average, normal, or statistical distributions of the same types of datacan be shown to provide a reference for comparison. The average, normal,or statistical distribution of data can be used to assist the analyst orAI models in determining unusual relationships.

FIG. 6 shows an example user interface 600 for analyzing risk factorsrelated to transaction risk. The interface 600 includes inputs 601allowing for an entity type, name, and/or identification number to beentered and searched (such as by using the search module 101 of FIG. 1).A navigation menu 603 includes selectable indicators with “TransactionRisks” selected and a plurality of risk factors related to transactionrisks. A display area 605 is updated to dynamically display data foranalyzing the transaction risks. The example risks factors related totransaction risks include internal versus reported revenue consistency,revenue consistency with industries, transactions in unusual regions,and other risk factors, such as transactions with types of entities.

The display area 605 includes data for a risk factor based on internalversus reported revenue consistency. This can include data from twodifferent sources or different databases, for example, an externaldatabase of taxes reported by the client and an internal database oftransactions processed for or with the client. Other examples ofdatabases include databases from financial institutions, shippingdatabases, customs databases, etc. The data for analysis can bedynamically presented for a default time period. The time period can bechanged by the analyst, and the displayed data can update in response.The example data shows that the reported transactions are inconsistentwith and substantially less than the transactions sent and received. Thedata for analysis can be shown in a table and as a graph or othervisualization. An AI model can be configured to determine which sourcesand time periods of revenues to compare for evaluating a likelihood oflaundering. The sources and time period selected by the AI model can bepresented as the default sources and default time period for analysis.An analyst can review the data for different sources and/or differenttime periods and provide an analyst evaluation. The analyst's decisionmay recognize situations where inconsistencies are normal, such as whenfigures from a less inclusive database are lower than figures from amore inclusive database, the figures from a report are calculatedaccording to a different standard, etc. Based on the displayed data, theAI and/or analyst can recognize that the reported transactions are thenet value of the transactions instead of an actual amount oftransactions, and appropriate evaluations can be made.

The display area 605 can also include data for analyzing the client'stransaction consistency with an industry. Transactions for various typesof industries or entity types can be compiled, visually presented, andcompared to the transaction data determined for the client. For example,the data shows that typical laundromats receive transactions valued atan average of 35,739, but the client's received transactions are valuedat 8.6 times this amount. Data for other similar or related categories,such as cleaners, can also be shown for reference. An analyst can selectto view transactions sent, received, or both, and the data can bedynamically updated based on the analyst's selection. As shown, thetransactions, regardless of sending or receiving, show comparativelyexcessive sending and receiving of transactions by the client. This isapparent even though the client's net transaction value (25,507) iscorrectly reported for taxes and within a reasonable range forlaundromats. The AI model can provide an evaluation, and an analyst canconfirm or revise the evaluation and enter comments based on the dataabout the client's transaction consistency with similar industries.

The display area 605 can also include data for analyzing the client'stransaction with entities in unusual regions. One or more databases canbe used to analyze a distribution of transactions and geographiclocations associated with the transactions. The data can be displayed ina visualization such as a map, table, graph, web, etc. An AI model canbe configured to associate certain geographic locations and/or averagetransaction distances for certain types of clients with increasedlikelihoods of laundering. For example, most entities typically transactwith other local people or businesses. Transactions across fartherdistances, foreign countries, and/or certain places such as tax havenscan indicate higher likelihoods of laundering. The geographicdistribution of the client's transactions can be compared to thegeographic distributions of other similar entities. An analyst canreview the data and provide an analyst evaluation to confirm or changean AI evaluation, as well as provide comments.

The display area 605 can also include a visualization of data foranalyzing other risk factors associated with transactions (not shown).For example, one or more databases can be used to analyze a distributionof types of entities that a client transacts with. An AI model can beconfigured to compare the distribution for the client with distributionsfor other similar entities. For example, databases can be analyzed tocompile, for similar laundromats with low risks of laundering, apercentage of types of entities typically transacted with. Thedistribution can indicate, for example, that low risk laundromatstypically have 25% of their transactions (by volume or value) withlandlords or real estate companies, 25% with appliance suppliers, 25%with repair services, and 25% with other categories. This can becompared to the transactions of the client, which may be, for example,2% with a landlord, 2% with an appliance supplier, 2% with repairservices, and 94% with financial institutions, trusts, and banks. An AImodel can, based on the disparity, determine a high likelihood oflaundering. The data can be visually displayed for an analyst who canconfirm or change the evaluation (for example, if a new laundromat justopened after securing bank loans and has not opened for business).

The display area 605 can also include a visualization of data foranalyzing other risk factors associated with transactions (not shown).For example, one or more databases can be used to analyze an amount oftransactions. Often, anti-laundering enforcement agencies requirereporting of transactions over a certain value, such as 10,000.Accordingly, AI models can be configured to assess an usually largeproportion of transactions just below the reporting requirement, such as9,500, as high risk or an even more unusually larger proportion oftransactions of even smaller amounts as high risk. Additionally oralternatively, an AI model can be configured to, based on a frequency,volume, and average size of transactions by the client in comparison toother entities, assess a risk of laundering. For example, if mostlaundromats typically make cash daily deposits of coins in the range ofa few hundred but less than one thousand, but the client typically makesmultiple deposits of 1,000 to 2,000 (well below the reportingrequirement), then the AI model can still flag a high risk oflaundering. As another example, the method of making transactions (suchas in person transactions, transactions made with automated machines, ortransactions made online) by the client can be compared to the behaviorof other entities, as launderers may often avoid making transactions inperson to avoid showing identification.

FIG. 7 shows an example user interface 700 with additional data foranalyzing risk factors related to transaction risk. The examples can beshown, for example, in the display area 605 of FIG. 6, and cancorrespond to one of the “other risk factors” in the menu 603 of FIG. 6.

In the user interface 700, data for analyzing the risk factor“Transactions with High Risk Entities” can be shown. An AI model can beconfigured to analyze data to determine entities that the clienttransacted with. Data from a default date range determined to be ofinterested by the AI model can be shown, as well as data from some orall databases determined to be of interest by the AI model. An analystcan select different date ranges and/or databases. The analyst canselect transactions sent, received, or both for analysis. The analystcan also filter out certain types of transactions. The data shown in theuser interface 700 can automatically update in response to the analyst'sselections.

A visualization, such as a table, graph, and/or other visualizations,can display one or more of: entities that the client transacted with,identification numbers of the entities, names of the entities, directionof transactions, value of transactions, percentage of overalltransactions, and other data can be shown.

A web can show certain types of transactions, such as top transactionsby value, top transactions by percent of total transactions,transactions sent and/or received, transactions from certain databases,and/or transactions from entities within certain degrees of connectionsto the client. One or more databases can be searched to generate theweb, which can represent entities with icons (such as to distinguishpeople and companies). The icons can be further distinguished toindicate (such as using color or different icons) people or entitiesflagged as high risk. Accordingly, an analyst can easily see if theclient transacts with other high risk entities. The direction of nettransaction flow can be indicated on the links between icons, and thelinks can also indicate a value or percentage of the transaction. Ananalyst can interact with the web to rearrange the icons, zoom in orout, and perform other manipulations. Based on the data shown in theuser interface, an analyst can confirm or change an AI evaluation ofrisk based on transactions with high risk entities.

FIG. 8 shows an example user interface 800 for summarizing AI andanalyst evaluations. A display area 801 can show an indication of anumber 803 of risk factors deemed high risk for the client (displayed asAI evaluation/analyst evaluation), an indication of a number 805 of riskfactors deemed low risk factors (displayed as AI evaluation/analystevaluation), a number 807 of risk factors assessed by the analystwithout providing a reason, and a number 809 of times that the analystchanged the evaluation that was made by the AI model.

The numbers of high risk or low risk AI evaluations can include all ofthe risk factors evaluated by the AI. In some embodiments, AIevaluations may not be presented for every risk factor. For example, AImodels may not analyze some types of images, and data for analyzing arisk factor based on a street view of address of or a website of theentity can be provided to an analyst for an analyst evaluation withoutan AI evaluation or AI assessment. If the AI evaluates all risk factorsbefore presenting data to the analyst, then the total number of highrisk and low risk evaluations can account for all risk factors evaluatedby an AI model. The total number of high risk and low risk evaluationsby the analyst can be lower if the analyst has not evaluated all riskfactors, for example, if the analyst skipped over risk factors deemedlow risk by the AI evaluation in order to save time.

For all or some (such as the high risk) risk factors, a table 811 cansummarize the class of risk, the specific risk factor evaluated, the AIevaluation of the risk factor, the analyst's evaluation of the riskfactor, analyst comments, and a prepopulated reason selected by theanalyst. The summary can show data for all risk factors, for the riskfactors evaluated by the analyst, or for the risk factors evaluated tobe high risk.

Buttons at the bottom can present options to approve the client, declinethe client, and to save and archive the data. The buttons to approve theclient can be selectable, in various embodiments, after an analystreviews and provides an evaluation of all risk factors or at least allrisk factors initially flagged as high risk by the AI models. In someembodiments, if a certain number or combination of risk factors areflagged as high risk by the AI models and/or the analyst, then theapprove client option may not be available. In some embodiments, anapproval or rejection for the client can be automatically performedbased on the AI evaluations and/or analyst evaluations when the “Saveand Archive” button is selected. Selecting to save and archive can causethe data for evaluating the risk factors, such as shown in FIG. 2through FIG. 7, as well as the summary data shown in FIG. 8, to bearchived in a database.

AI models and analysts can evaluate additional risk factors, and datacan be presented for analyzing the additional risk factors. For example,whether a client or related entity operates on certain exchanges can beflagged. As another example, the internet or registration databases canbe searched to determine whether the client or related entity has awebsite typical for people or similar businesses. The website can bereviewed by the AI model and/or analyst to see if the website is a bonafide website or just a placeholder. The absence of a website or bonafide website can indicate a higher likelihood of laundering. The clientor related entity can be checked for registrations and/or licenses fortheir field of practice or industry as compared to other similarentities. The absence of a license or registration can indicate a higherlikelihood of laundering. Being in and/or having relationships withentities in certain fields of practice can indicate a higher likelihoodof laundering. Mentions of the client and/or related entities in thepress and/or political forums can indicate a higher likelihood oflaundering. Accordingly, there can be more risk factors for AI modelevaluation and/or analyst evaluation.

Example Flowchart

FIG. 9 shows an example flowchart 900 of a method for using AI and userinterfaces to prevent association with clients who are high risk forparticipating in illegal activity.

At block 901, a client is received for evaluation in an evaluationcontext. The client name or other identification can be received andprovided to a system. In a first example context, information about anew client can be received in a new client context. In a second example,an existing client can be randomly, periodically, routinely, oralgorithmically selected as part of a client checkup context.

At block 903, data associated with an entity can be accessed. The datacan be data useful for analysis by one or more AI models. The data canbe accessed from one or more databases and/or the internet, such asshown in FIG. 1. The databases that are accessed can depend on thecontext. For example, an internal database of historical transactionswith the client may include useful data in the context of new clients,but the internal database of historical transactions with the client canbe accessed in the context of an existing client.

At block 905, a plurality of AI models can be applied to the data togenerate a plurality of AI assessments and/or evaluations. The AI modelsused can depend on the context. For example, AI models that generateevaluations using data about internal transactions with the client (suchas shown in FIG. 6) can be used in the existing client context but notused in the new client context because new clients will not have anyhistory of internal transactions.

At block 907, data for displaying one or more user interfaces can betransmitted. The user interfaces can include a first portion showingrisk factors, a second portion showing data for analyzing the riskfactors, a third portion showing an AI evaluation of the risk factor,and/or a fourth portion allowing for an analyst to provide an evaluationof the risk factor. The portions can be displayed simultaneously and/oron the same screen. Example user interfaces and portions thereof areshown in FIG. 2 through FIG. 8. The risk factors can depend on thecontext. In some embodiments, different risk factors and/or differentnumbers of risk factors can be displayed depending on the context.

In some embodiments, block 907 can be performed if one or a combinationof AI assessments and/or evaluations indicates high risk, otherwiseblock 905 can proceed to blocks 915, 917, and 919. For example, in a newclient context, a client can be approved at block 919 if all or most AIassessments and/or evaluations indicate low risk. As another example, ina checkup context, no alert is generated for clients assessed by an AIto be low risk, but an analyst can be alerted using the user interfacetransmitted at block 909 to review data for a client indicated to behigh risk in one or a combination of AI assessments or evaluations.

At block 909, data to update the user interfaces can be transmitted. Thedata can be generated in response, for example, to a user selection of arisk factor, a user selection of different data for analysis, etc. Inresponse, a visualization of data for analyzing a risk factor can beupdated.

At block 911, an analyst evaluation of a risk factor can be received.The analyst evaluation can also include comments and/or reasons. Analystevaluations can be received for a plurality of risk factors and maychange or override the AI evaluation for the risk factor.

At block 913, based on an analyst evaluation of a risk factor, one ormore AI models used for evaluating the risk factor can be updated usingthe analyst's evaluation as feedback. The feedback can reinforce(positively or negatively) the AI model, act as a new verified datapoint for retraining the AI model, cause the AI model to update with anew path or grouping, change coefficients used in the AI model, etc. TheAI model can also update based on a prepopulated reason selected by theanalyst. For example, if an analyst selects a reason that the AI modeldid not evaluate enough data, evaluated too much data, or evaluatedirrelevant data, then the AI model can be updated to evaluate differentdata.

At block 915, the evaluations of the analyst and/or the AI can bearchived. The data for analyzing risk factors can also be archived. Insome embodiments, the aggregate results (such as total transactionfigures shown in FIG. 6) of the data (such as the data reviewed by theanalyst) can be archived. In some embodiments, the underlying data (suchas each available transaction record contributing to a total transactionvalue shown in FIG. 6) used to generate aggregate results can bearchived.

At block 917, a summary of evaluations can be generated. An examplesummary of evaluations is shown in FIG. 8. The summary of evaluationscan include AI evaluations of risk factors, analyst evaluations of riskfactors, comments, and/or reasons.

At block 919, the client can be approved if low risk or rejected if highrisk. The approval or rejection can include, for example, sending anotification to an individual or computer device. A rejection caninclude, for example, denying a sale, transaction, service, orrelationship. An approval can include, for example, performing a nextstep of a sale, transaction, service, or relationship. In an existingclient context, a rejection can include terminating a relationship oraccount with a client or preventing future transactions, sales, orservices with the client.

Additional Implementation Details and Embodiments

Various embodiments of the present disclosure may be a system, a method,and/or a computer program product at any possible technical detail levelof integration. The computer program product may include a computerreadable storage medium (or mediums) having computer readable programinstructions thereon for causing a processor to carry out aspects of thepresent disclosure.

For example, the functionality described herein may be performed assoftware instructions are executed by, and/or in response to softwareinstructions being executed by, one or more hardware processors and/orany other suitable computing devices. The software instructions and/orother executable code may be read from a computer readable storagemedium (or mediums).

The computer readable storage medium can be a tangible device that canretain and store data and/or instructions for use by an instructionexecution device. The computer readable storage medium may be, forexample, but is not limited to, an electronic storage device (includingany volatile and/or non-volatile electronic storage devices), a magneticstorage device, an optical storage device, an electromagnetic storagedevice, a semiconductor storage device, or any suitable combination ofthe foregoing. A non-exhaustive list of more specific examples of thecomputer readable storage medium includes the following: a portablecomputer diskette, a hard disk, a solid state drive, a random accessmemory (RAM), a read-only memory (ROM), an erasable programmableread-only memory (EPROM or Flash memory), a static random access memory(SRAM), a portable compact disc read-only memory (CD-ROM), a digitalversatile disk (DVD), a memory stick, a floppy disk, a mechanicallyencoded device such as punch-cards or raised structures in a groovehaving instructions recorded thereon, and any suitable combination ofthe foregoing. A computer readable storage medium, as used herein, isnot to be construed as being transitory signals per se, such as radiowaves or other freely propagating electromagnetic waves, electromagneticwaves propagating through a waveguide or other transmission media (e.g.,light pulses passing through a fiber-optic cable), or electrical signalstransmitted through a wire.

Computer readable program instructions described herein can bedownloaded to respective computing/processing devices from a computerreadable storage medium or to an external computer or external storagedevice via a network, for example, the Internet, a local area network, awide area network and/or a wireless network. The network may comprisecopper transmission cables, optical transmission fibers, wirelesstransmission, routers, firewalls, switches, gateway computers and/oredge servers. A network adapter card or network interface in eachcomputing/processing device receives computer readable programinstructions from the network and forwards the computer readable programinstructions for storage in a computer readable storage medium withinthe respective computing/processing device.

Computer readable program instructions (as also referred to herein as,for example, “code,” “instructions,” “module,” “application,” “softwareapplication,” and/or the like) for carrying out operations of thepresent disclosure may be assembler instructions,instruction-set-architecture (ISA) instructions, machine instructions,machine dependent instructions, microcode, firmware instructions,state-setting data, configuration data for integrated circuitry, oreither source code or object code written in any combination of one ormore programming languages, including an object oriented programminglanguage such as Smalltalk, C++, or the like, and procedural programminglanguages, such as the “C” programming language or similar programminglanguages. Computer readable program instructions may be callable fromother instructions or from itself, and/or may be invoked in response todetected events or interrupts. Computer readable program instructionsconfigured for execution on computing devices may be provided on acomputer readable storage medium, and/or as a digital download (and maybe originally stored in a compressed or installable format that requiresinstallation, decompression or decryption prior to execution) that maythen be stored on a computer readable storage medium. Such computerreadable program instructions may be stored, partially or fully, on amemory device (e.g., a computer readable storage medium) of theexecuting computing device, for execution by the computing device. Thecomputer readable program instructions may execute entirely on a user'scomputer (e.g., the executing computing device), partly on the user'scomputer, as a stand-alone software package, partly on the user'scomputer and partly on a remote computer or entirely on the remotecomputer or server. In the latter scenario, the remote computer may beconnected to the user's computer through any type of network, includinga local area network (LAN) or a wide area network (WAN), or theconnection may be made to an external computer (for example, through theInternet using an Internet Service Provider). In some embodiments,electronic circuitry including, for example, programmable logiccircuitry, field-programmable gate arrays (FPGA), or programmable logicarrays (PLA) may execute the computer readable program instructions byutilizing state information of the computer readable programinstructions to personalize the electronic circuitry, in order toperform aspects of the present disclosure.

Aspects of the present disclosure are described herein with reference toflowchart illustrations and/or block diagrams of methods, apparatus(systems), and computer program products according to embodiments of thedisclosure. It will be understood that each block of the flowchartillustrations and/or block diagrams, and combinations of blocks in theflowchart illustrations and/or block diagrams, can be implemented bycomputer readable program instructions.

These computer readable program instructions may be provided to aprocessor of a general purpose computer, special purpose computer, orother programmable data processing apparatus to produce a machine, suchthat the instructions, which execute via the processor of the computeror other programmable data processing apparatus, create means forimplementing the functions/acts specified in the flowchart and/or blockdiagram block or blocks. These computer readable program instructionsmay also be stored in a computer readable storage medium that can directa computer, a programmable data processing apparatus, and/or otherdevices to function in a particular manner, such that the computerreadable storage medium having instructions stored therein comprises anarticle of manufacture including instructions which implement aspects ofthe function/act specified in the flowchart(s) and/or block diagram(s)block or blocks.

The computer readable program instructions may also be loaded onto acomputer, other programmable data processing apparatus, or other deviceto cause a series of operational steps to be performed on the computer,other programmable apparatus or other device to produce a computerimplemented process, such that the instructions which execute on thecomputer, other programmable apparatus, or other device implement thefunctions/acts specified in the flowchart and/or block diagram block orblocks. For example, the instructions may initially be carried on amagnetic disk or solid state drive of a remote computer. The remotecomputer may load the instructions and/or modules into its dynamicmemory and send the instructions over a telephone, cable, or opticalline using a modem. A modem local to a server computing system mayreceive the data on the telephone/cable/optical line and use a converterdevice including the appropriate circuitry to place the data on a bus.The bus may carry the data to a memory, from which a processor mayretrieve and execute the instructions. The instructions received by thememory may optionally be stored on a storage device (e.g., a solid statedrive) either before or after execution by the computer processor.

The flowchart and block diagrams in the Figures illustrate thearchitecture, functionality, and operation of possible implementationsof systems, methods, and computer program products according to variousembodiments of the present disclosure. In this regard, each block in theflowchart or block diagrams may represent a module, segment, or portionof instructions, which comprises one or more executable instructions forimplementing the specified logical function(s). In some alternativeimplementations, the functions noted in the blocks may occur out of theorder noted in the Figures. For example, two blocks shown in successionmay, in fact, be executed substantially concurrently, or the blocks maysometimes be executed in the reverse order, depending upon thefunctionality involved. In addition, certain blocks may be omitted insome implementations. The methods and processes described herein arealso not limited to any particular sequence, and the blocks or statesrelating thereto can be performed in other sequences that areappropriate.

It will also be noted that each block of the block diagrams and/orflowchart illustration, and combinations of blocks in the block diagramsand/or flowchart illustration, can be implemented by special purposehardware-based systems that perform the specified functions or acts orcarry out combinations of special purpose hardware and computerinstructions. For example, any of the processes, methods, algorithms,elements, blocks, applications, or other functionality (or portions offunctionality) described in the preceding sections may be embodied in,and/or fully or partially automated via, electronic hardware suchapplication-specific processors (e.g., application-specific integratedcircuits (ASICs)), programmable processors (e.g., field programmablegate arrays (FPGAs)), application-specific circuitry, and/or the like(any of which may also combine custom hard-wired logic, logic circuits,ASICs, FPGAs, etc. with custom programming/execution of softwareinstructions to accomplish the techniques).

Any of the above-mentioned processors, and/or devices incorporating anyof the above-mentioned processors, may be referred to herein as, forexample, “computers,” “computer devices,” “computing devices,” “hardwarecomputing devices,” “hardware processors,” “processing units,” and/orthe like. Computing devices of the above-embodiments may generally (butnot necessarily) be controlled and/or coordinated by operating systemsoftware, such as Mac OS, iOS, Android, Chrome OS, Windows OS (e.g.,Windows XP, Windows Vista, Windows 7, Windows 10, Windows 10, WindowsServer, etc.), Windows CE, Unix, Linux, SunOS, Solaris, Blackberry OS,VxWorks, or other suitable operating systems. In other embodiments, thecomputing devices may be controlled by a proprietary operating system.Conventional operating systems control and schedule computer processesfor execution, perform memory management, provide file system,networking, I/O services, and provide a user interface functionality,such as a graphical user interface (“GUI”), among other things.

For example, FIG. 10 is a block diagram that illustrates a computersystem 1000 upon which various embodiments may be implemented. Computersystem 1000 includes a bus 1002 or other communication mechanism forcommunicating information, and a hardware processor, or multipleprocessors, 1004 coupled with bus 1002 for processing information.Hardware processor(s) 1004 may be, for example, one or more generalpurpose microprocessors.

Computer system 1000 also includes a main memory 1006, such as a randomaccess memory (RAM), cache and/or other dynamic storage devices, coupledto bus 1002 for storing information and instructions to be executed byprocessor 1004. Main memory 1006 also may be used for storing temporaryvariables or other intermediate information during execution ofinstructions to be executed by processor 1004. Such instructions, whenstored in storage media accessible to processor 1004, render computersystem 1000 into a special-purpose machine that is customized to performthe operations specified in the instructions.

Computer system 1000 further includes a read only memory (ROM) 1008 orother static storage device coupled to bus 1002 for storing staticinformation and instructions for processor 1004. A storage device 1010,such as a magnetic disk, optical disk, or USB thumb drive (Flash drive),etc., is provided and coupled to bus 1002 for storing information andinstructions.

Computer system 1000 may be coupled via bus 1002 to a display 1012, suchas a cathode ray tube (CRT) or LCD display (or touch screen), fordisplaying information to a computer user. An input device 1014,including alphanumeric and other keys, is coupled to bus 1002 forcommunicating information and command selections to processor 1004.Another type of user input device is cursor control 1016, such as amouse, a trackball, or cursor direction keys for communicating directioninformation and command selections to processor 1004 and for controllingcursor movement on display 1012. This input device typically has twodegrees of freedom in two axes, a first axis (e.g., x) and a second axis(e.g., y), that allows the device to specify positions in a plane. Insome embodiments, the same direction information and command selectionsas cursor control may be implemented via receiving touches on a touchscreen without a cursor.

Computing system 1000 may include a user interface module to implement aGUI that may be stored in a mass storage device as computer executableprogram instructions that are executed by the computing device(s).Computer system 1000 may further, as described below, implement thetechniques described herein using customized hard-wired logic, one ormore ASICs or FPGAs, firmware and/or program logic which in combinationwith the computer system causes or programs computer system 1000 to be aspecial-purpose machine. According to one embodiment, the techniquesherein are performed by computer system 1000 in response to processor(s)1004 executing one or more sequences of one or more computer readableprogram instructions contained in main memory 1006. Such instructionsmay be read into main memory 1006 from another storage medium, such asstorage device 1010. Execution of the sequences of instructionscontained in main memory 1006 causes processor(s) 1004 to perform theprocess steps described herein. In alternative embodiments, hard-wiredcircuitry may be used in place of or in combination with softwareinstructions.

Various forms of computer readable storage media may be involved incarrying one or more sequences of one or more computer readable programinstructions to processor 1004 for execution. For example, theinstructions may initially be carried on a magnetic disk or solid statedrive of a remote computer. The remote computer can load theinstructions into its dynamic memory and send the instructions over atelephone line using a modem. A modem local to computer system 1000 canreceive the data on the telephone line and use an infra-red transmitterto convert the data to an infra-red signal. An infra-red detector canreceive the data carried in the infra-red signal and appropriatecircuitry can place the data on bus 1002. Bus 1002 carries the data tomain memory 1006, from which processor 1004 retrieves and executes theinstructions. The instructions received by main memory 1006 mayoptionally be stored on storage device 1010 either before or afterexecution by processor 1004.

Computer system 1000 also includes a communication interface 1018coupled to bus 1002. Communication interface 1018 provides a two-waydata communication coupling to a network link 1020 that is connected toa local network 1022. For example, communication interface 1018 may bean integrated services digital network (ISDN) card, cable modem,satellite modem, or a modem to provide a data communication connectionto a corresponding type of telephone line. As another example,communication interface 1018 may be a local area network (LAN) card toprovide a data communication connection to a compatible LAN (or WANcomponent to communicated with a WAN). Wireless links may also beimplemented. In any such implementation, communication interface 1018sends and receives electrical, electromagnetic or optical signals thatcarry digital data streams representing various types of information.

Network link 1020 typically provides data communication through one ormore networks to other data devices. For example, network link 1020 mayprovide a connection through local network 1022 to a host computer 1024or to data equipment operated by an Internet Service Provider (ISP)1026. ISP 1026 in turn provides data communication services through theworld wide packet data communication network now commonly referred to asthe “Internet” 1028. Local network 1022 and Internet 1028 both useelectrical, electromagnetic or optical signals that carry digital datastreams. The signals through the various networks and the signals onnetwork link 1020 and through communication interface 1018, which carrythe digital data to and from computer system 1000, are example forms oftransmission media.

Computer system 1000 can send messages and receive data, includingprogram code, through the network(s), network link 1020 andcommunication interface 1018. In the Internet example, a server 1030might transmit a requested code for an application program throughInternet 1028, ISP 1026, local network 1022 and communication interface1018.

The received code may be executed by processor 1004 as it is received,and/or stored in storage device 1010, or other non-volatile storage forlater execution.

As described above, in various embodiments certain functionality may beaccessible by a user through a web-based viewer (such as a web browser),or other suitable software program). In such implementations, the userinterface may be generated by a server computing system and transmittedto a web browser of the user (e.g., running on the user's computingsystem). Alternatively, data (e.g., user interface data) necessary forgenerating the user interface may be provided by the server computingsystem to the browser, where the user interface may be generated (e.g.,the user interface data may be executed by a browser accessing a webservice and may be configured to render the user interfaces based on theuser interface data). The user may then interact with the user interfacethrough the web-browser. User interfaces of certain implementations maybe accessible through one or more dedicated software applications. Incertain embodiments, one or more of the computing devices and/or systemsof the disclosure may include mobile computing devices, and userinterfaces may be accessible through such mobile computing devices (forexample, smartphones and/or tablets).

Many variations and modifications may be made to the above-describedembodiments, the elements of which are to be understood as being amongother acceptable examples. All such modifications and variations areintended to be included herein within the scope of this disclosure. Theforegoing description details certain embodiments. It will beappreciated, however, that no matter how detailed the foregoing appearsin text, the systems and methods can be practiced in many ways. As isalso stated above, it should be noted that the use of particularterminology when describing certain features or aspects of the systemsand methods should not be taken to imply that the terminology is beingre-defined herein to be restricted to including any specificcharacteristics of the features or aspects of the systems and methodswith which that terminology is associated.

Conditional language, such as, among others, “can,” “could,” “might,” or“may,” unless specifically stated otherwise, or otherwise understoodwithin the context as used, is generally intended to convey that certainembodiments include, while other embodiments do not include, certainfeatures, elements, and/or steps. Thus, such conditional language is notgenerally intended to imply that features, elements and/or steps are inany way required for one or more embodiments or that one or moreembodiments necessarily include logic for deciding, with or without userinput or prompting, whether these features, elements and/or steps areincluded or are to be performed in any particular embodiment.

The term “substantially” when used in conjunction with the term“real-time” forms a phrase that will be readily understood by a personof ordinary skill in the art. For example, it is readily understood thatsuch language will include speeds in which no or little delay or waitingis discernible, or where such delay is sufficiently short so as not tobe disruptive, irritating, or otherwise vexing to a user.

Conjunctive language such as the phrase “at least one of X, Y, and Z,”or “at least one of X, Y, or Z,” unless specifically stated otherwise,is to be understood with the context as used in general to convey thatan item, term, etc. may be either X, Y, or Z, or a combination thereof.For example, the term “or” is used in its inclusive sense (and not inits exclusive sense) so that when used, for example, to connect a listof elements, the term “or” means one, some, or all of the elements inthe list. Thus, such conjunctive language is not generally intended toimply that certain embodiments require at least one of X, at least oneof Y, and at least one of Z to each be present.

The term “a” as used herein should be given an inclusive rather thanexclusive interpretation. For example, unless specifically noted, theterm “a” should not be understood to mean “exactly one” or “one and onlyone”; instead, the term “a” means “one or more” or “at least one,”whether used in the claims or elsewhere in the specification andregardless of uses of quantifiers such as “at least one,” “one or more,”or “a plurality” elsewhere in the claims or specification.

The term “comprising” as used herein should be given an inclusive ratherthan exclusive interpretation. For example, a general purpose computercomprising one or more processors should not be interpreted as excludingother computer components, and may possibly include such components asmemory, input/output devices, and/or network interfaces, among others.

While the above detailed description has shown, described, and pointedout novel features as applied to various embodiments, it may beunderstood that various omissions, substitutions, and changes in theform and details of the devices or processes illustrated may be madewithout departing from the spirit of the disclosure. As may berecognized, certain embodiments of the inventions described herein maybe embodied within a form that does not provide all of the features andbenefits set forth herein, as some features may be used or practicedseparately from others. The scope of certain inventions disclosed hereinis indicated by the appended claims rather than by the foregoingdescription. All changes which come within the meaning and range ofequivalency of the claims are to be embraced within their scope.

What is claimed is:
 1. A computer system configured to provide aninteractive user interface for generating feedback to ArtificialIntelligence (“AI”) models and for efficient investigations, thecomputer system comprising: one or more computer readable storagedevices configured to store computer readable instructions; acommunications interface; and one or more processors configured toexecute the plurality of computer readable instructions to cause thecomputer system to perform operations comprising: accessing dataassociated with an entity; applying a plurality of AI models to theaccessed data to generate a plurality of risk assessments correspondingto plurality of risk factors associated with the entity; transmitting,through the communications interface, user interface data useable forrendering an interactive user interface comprising: in a first userinterface portion, individually selectable indications of each of theplurality of risk factors and indications of the corresponding riskassessments generated by the respective AI models, wherein theindications of the corresponding risk assessments include color codedindications in the first user interface portion; a second user interfaceportion that is dynamically updateable to display, in response to userselections of the individually selectable indications of the pluralityof risk factors in the first user interface portion: information fromrisk assessments associated with selected risk factors, and user inputinterfaces configured to receive user inputs comprising evaluations ofrisk assessments associated with selected risk factors; and a third userinterface portion that is dynamically updateable to display, in responseto the user selections of the individually selectable risk factors, AIevaluations of the selected risk factors; receiving, via the first userinterface portion, a first user input comprising a selection of a firstindication of a first risk factor of the plurality of risk factors; inresponse to receiving the first user input, causing display, in thesecond user interface portion, of: information from a first riskassessment associated with the first risk factor, and a user inputinterface configured to receive user input comprising an evaluation ofthe first risk assessment associated with the first risk factor;receiving, via the second user interface portion and the user inputinterface, a second user input comprising an evaluation of the firstrisk assessment associated with the first risk factor; and updating afirst AI model, of the plurality of AI models, corresponding to thefirst risk factor based at least on the evaluation.
 2. The computersystem of claim 1, wherein the AI models include at least one randomforest model, supervised learning model, or classification model.
 3. Thecomputer system of claim 1, wherein: said accessing includes accessingat least 10 databases storing a total of at least ten thousand dataentries; the plurality of risk assessments includes at least 10 riskassessments; and different databases of the at least 10 databases areused for generating the plurality of risk assessments.
 4. The computersystem of claim 1, wherein: applying a plurality of AI models to theaccessed data to generate a plurality of risk assessments includesapplying a first AI model to the accessed data to generate a first riskassessment of a first risk factor; and the individually selectableindications of a plurality of risk factors includes a textualdescription of the first risk factor.
 5. The computer system of claim 1,wherein the one or more processors are configured to execute theplurality of computer readable instructions to cause the computer systemto perform further operations comprising: generating a combined riskassessment based on a weighted combination of the plurality of riskassessments.
 6. The computer system of claim 1, wherein the one or moreprocessors are configured to execute the plurality of computer readableinstructions to cause the computer system to perform further operationscomprising: storing, in an archive, at least two of: a first AIevaluation based at least on one of the plurality of risk assessmentsfor a first risk factor; an analyst evaluation of the first risk factor;or any accessed data used to generate a first risk assessment for thefirst risk factor.
 7. The computer system of claim 1, wherein the one ormore processors are configured to execute the plurality of computerreadable instructions to cause the computer system to perform furtheroperations comprising: generating, using the accessed data associatedwith the entity, a graphical visualization of the accessed data, wherethe graphical visualization includes at least one graph, table, web, orchart.
 8. The computer system of claim 7, wherein the graphicalvisualization includes at least one: web indicating relationshipsbetween the entity and other entities, wherein the web is dynamicallyconfigurable by the user to adjust a number of degrees of connections inthe web; chart or table comparing transaction data reported by theentity against transaction data compiled from the one or more internaldatabases of transactions by the entity; or chart visualizing acomparison or breakdown of categories of transactions.
 9. The computersystem of claim 1, wherein: a first AI model of the plurality of AImodels is applied to a subset of the accessed data to generate a firstrisk assessment of the plurality of risk assessments; and the one ormore processors are configured to execute the plurality of computerreadable instructions to cause the computer system to perform furtheroperations comprising: receiving a user selection of a first risk factorthat is related to the first risk assessment; and in response toreceiving the user selection of the first risk factor, generating, usingthe subset of the accessed data, a graphical visualization of the subsetof the accessed data.
 10. The computer system of claim 1, wherein theone or more processors are configured to execute the plurality ofcomputer readable instructions to cause the computer system to transmitthe user interface data in response to at least one or a combination ofthe plurality of risk assessments indicating a high risk.
 11. Thecomputer system of claim 1, wherein said accessing includes searchingone or more databases for at least one of: asset transfer restrictionsagainst the entity; travel restrictions against the entity; or a numberof legal warrants or court orders against the entity.
 12. The computersystem of claim 1, wherein said accessing includes searching one or moredatabases for at least one of: transactions or relationships between theentity and public figures or celebrities; transactions or relationshipsbetween the entity and government figures; or transactions orrelationships between the entity and other entities known to or at highrisk for involvement with illegal activity.
 13. The computer system ofclaim 1, wherein applying a plurality of AI models to the accessed datato generate a plurality of risk assessments includes comparing at leastone of: a frequency of transactions by the entity to a referencefrequency of transactions; a quantity of transactions by the entity to areference quantity of transactions; methods used by the entity to maketransactions against reference methods of making transactions; orinternal or private data records about the entity to public data recordsabout or reported by the entity.
 14. The computer system of claim 1,wherein applying a plurality of AI models to the accessed data togenerate a plurality of risk assessments includes determining at leastone of: a distance between a physical address associated with the entityand a physical address of a business used by the entity; or whetheraddresses or contact information associated with the entity is shared byother entities.
 15. The computer system of claim 1, wherein the entityand other entities are engaged in a same field of practice, and whereinapplying a plurality of AI models to the accessed data to generate aplurality of risk assessments includes at least one of: comparingregistrations or licenses of the entity to registrations or licenses ofthe other entities; or comparing transactions of the entity to the otherentities.
 16. The computer system of claim 1, wherein applying aplurality of AI models to the accessed data to generate a plurality ofrisk assessments includes applying a first set of AI models to generatea first plurality of risk assessments for a first group of risks in afirst context.
 17. The computer system of claim 16, wherein the one ormore processors are configured to execute the plurality of computerreadable instructions to cause the computer system to periodically,randomly, or routinely perform further operations comprising: furtheraccessing updated data associated with the entity; and applying a secondplurality of models to generate a second plurality of risk assessmentsfor a second group of risks in a second context.
 18. Acomputer-implemented method comprising: by one or more processorsexecuting computer readable instructions: accessing data associated withan entity; applying a plurality of AI models to the accessed data togenerate a plurality of risk assessments corresponding to plurality ofrisk factors associated with the entity; transmitting, through thecommunications interface, user interface data useable for rendering aninteractive user interface comprising: in a first user interfaceportion, individually selectable indications of each of the plurality ofrisk factors and indications of the corresponding risk assessmentsgenerated by the respective AI models, wherein the indications of thecorresponding risk assessments include color coded indications in thefirst user interface portion; a second user interface portion that isdynamically updateable to display, in response to user selections of theindividually selectable indications of the plurality of risk factors inthe first user interface portion: information from risk assessmentsassociated with selected risk factors, and user input interfacesconfigured to receive user inputs comprising evaluations of riskassessments associated with selected risk factors; and a third userinterface portion that is dynamically updateable to display, in responseto the user selections of the individually selectable risk factors, AIevaluations of the selected risk factors; receiving, via the first userinterface portion, a first user input comprising a selection of a firstindication of a first risk factor of the plurality of risk factors; inresponse to receiving the first user input, causing display, in thesecond user interface portion, of: information from a first riskassessment associated with the first risk factor, and a user inputinterface configured to receive user input comprising an evaluation ofthe first risk assessment associated with the first risk factor;receiving, via the second user interface portion and the user inputinterface, a second user input comprising an evaluation of the firstrisk assessment associated with the first risk factor; and updating afirst AI model, of the plurality of AI models, corresponding to thefirst risk factor based at least on the evaluation.
 19. Thecomputer-implemented method of claim 18, wherein a first AI model of theplurality of AI models is applied to a subset of the accessed data togenerate a first risk assessment of the plurality of risk assessments,and wherein the method further comprises: by the one or more processorsexecuting computer readable instructions: receiving a user selection ofa first risk factor that is related to the first risk assessment; and inresponse to receiving the user selection of the first risk factor,generating, using the subset of the accessed data, a graphicalvisualization of the subset of the accessed data.
 20. A computerreadable storage medium having program instructions embodied therewith,the program instructions executable by one or more processors to performoperations comprising: accessing data associated with an entity;applying a plurality of AI models to the accessed data to generate aplurality of risk assessments corresponding to plurality of risk factorsassociated with the entity; transmitting, through the communicationsinterface, user interface data useable for rendering an interactive userinterface comprising: in a first user interface portion, individuallyselectable indications of each of the plurality of risk factors andindications of the corresponding risk assessments generated by therespective AI models, wherein the indications of the corresponding riskassessments include color coded indications in the first user interfaceportion; a second user interface portion that is dynamically updateableto display, in response to user selections of the individuallyselectable indications of the plurality of risk factors in the firstuser interface portion: information from risk assessments associatedwith selected risk factors, and user input interfaces configured toreceive user inputs comprising evaluations of risk assessmentsassociated with selected risk factors; and a third user interfaceportion that is dynamically updateable to display, in response to theuser selections of the individually selectable risk factors, AIevaluations of the selected risk factors; receiving, via the first userinterface portion, a first user input comprising a selection of a firstindication of a first risk factor of the plurality of risk factors; inresponse to receiving the first user input, causing display, in thesecond user interface portion, of: information from a first riskassessment associated with the first risk factor, and a user inputinterface configured to receive user input comprising an evaluation ofthe first risk assessment associated with the first risk factor;receiving, via the second user interface portion and the user inputinterface, a second user input comprising an evaluation of the firstrisk assessment associated with the first risk factor; and updating afirst AI model, of the plurality of AI models, corresponding to thefirst risk factor based at least on the evaluation.